HHS Information Blocking Regulations are Now in Effect

It has been a long time coming, but the information blocking regulations of the Office of the National Coordinator for Health Information Technology (ONC) that were a requirement of the 21st Century Cures Act have now taken effect and compliance is now mandatory.

The 21st Century Cures Act was enacted by Congress more than 4 years ago, with the final version of the information blocking regulations published in March 2020. The compliance date was April 5, 2021.

The regulations were introduced to prevent information blocking, which is the practice of interfering with access, exchange, and use of electronic health information or EHI. There have been many cases where vendors of electronic health record systems (EHRs) have engaged in information blocking and of healthcare providers that have hampered information sharing with other providers.  Those practices are now outlawed.

There is no deadline for meeting requests to share healthcare data, as the 30-day deadline has been removed. Instead, requests must be honored on a timely basis without unnecessary delay, which means waiting 30 days is likely to be considered information blocking. The expectation is to make healthcare data available immediately.

While compliance is mandatory, initially there is an 18-month grace period during which time the information blocking regulations only apply to core EHI, as defined in the United States Core Data for Interoperability (USCDI Version 1). The intention is to give the regulated community time to adjust to the new regulations. From October 2022, the full scope of the EHI definition will take effect.

ONC explained that the 18-month grace period does not mean the regulated community should wait until the October 2022 deadline to ensure that no information blocking occurs for the full scope of EHI. Earlier compliance is being encouraged.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

During the grace period the ONC will continue with its education efforts to help the regulated community comply with the new regulations and will be communicating with stakeholders regularly about the new regulations.  The ONC will continue to work closely with the HHS’ Office of Inspector General (HHS OIG) and will soon issue a final rule concerning investigations of information blocking and civil monetary penalties, which will be applied in cases where information blocking is confirmed.

The ONC is encouraging all stakeholders to report cases of information blocking, as complaints inform its enforcement efforts.  Complaints can be submitted via this link.

Information blocking also applies to the sharing of healthcare data with patients. One of the requirements of the information blocking regulations is to improve patient access to their own medical records by allowing patients to have their healthcare data sent to a smartphone app of their choosing, via application programming interfaces (APIs).

Now that the regulations are in effect, there is expected to be a proliferation of consumer health apps that allow patients to access their medical records. Any patients that experience any information blocking with respect to requests for their records to be sent to their smartphone apps should similarly file a complaint with the ONC.

It should be noted that one of the exceptions to the information blocking rule is when a regulated entity such as a healthcare provider believes that the request to send healthcare data to a smartphone app involves security risks and may result in a privacy violation.  In such cases, requests may be denied.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/